#region Copyright (c) 2003, newtelligence AG. All rights reserved.

/*
// Copyright (c) 2003, newtelligence AG. (http://www.newtelligence.com)
// Original BlogX Source Code: Copyright (c) 2003, Chris Anderson (http://simplegeek.com)
// All rights reserved.
//  
// Redistribution and use in source and binary forms, with or without modification, are permitted 
// provided that the following conditions are met: 
//  
// (1) Redistributions of source code must retain the above copyright notice, this list of 
// conditions and the following disclaimer. 
// (2) Redistributions in binary form must reproduce the above copyright notice, this list of 
// conditions and the following disclaimer in the documentation and/or other materials 
// provided with the distribution. 
// (3) Neither the name of the newtelligence AG nor the names of its contributors may be used 
// to endorse or promote products derived from this software without specific prior 
// written permission.
//      
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS 
// OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 
// AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 
// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 
// IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 
// OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// -------------------------------------------------------------------------
//
// Original BlogX source code (c) 2003 by Chris Anderson (http://simplegeek.com)
// 
// newtelligence is a registered trademark of newtelligence Aktiengesellschaft.
// 
// For portions of this software, the some additional copyright notices may apply 
// which can either be found in the license.txt file included in the source distribution
// or following this notice. 
//
*/

#endregion

using System;
using System.Resources;
using System.Web.Security;
using System.Web.UI;
using newtelligence.DasBlog.Web.Core;

namespace newtelligence.DasBlog.Web
{
    /// <summary>
    ///		Summary description for LoginBox.
    /// </summary>
    public partial class LoginBox : UserControl
    {
        protected ResourceManager resmgr;

        protected void Page_Load(object sender, EventArgs e)
        {
            resmgr = ApplicationResourceTable.Get();
            DataBind();

            if (Page.FindControl("LoginBox") == null)
            {
                ID = "LoginBox";

                // form the script that is to be registered at client side.
                String scriptString = "<script type=\"text/javascript\" src=\"scripts/md5.js\"></script>\n";
                scriptString += "<script type=\"text/javascript\">\n";
                scriptString += "	function doChallengeResponse() {\n";
                // uncomment to debug in IE.
                // IE -> Tools -> Internet Options... -> Advanced -> Browsing
                // Disable Script Debugging should be unchecked
                // scriptString += "	debugger;\n";
                scriptString += "	password = document.getElementById('" + password.ClientID + "').value;\n";
                scriptString += "	if (password)	{\n";
                scriptString += "		password = net_md5(password);	// this makes it superchallenged!!\n";
                // get the value for the challenge
                scriptString += "		challenge = document.getElementById('" + challenge.ClientID + "').value;\n";
                // get the value for the username
                scriptString += "		username = document.getElementById('" + username.ClientID + "').value;\n";
                // create a challenge
                scriptString += "		str = challenge + password + username;\n";
                scriptString += "		str = net_md5(str);\n";
                // prepare the challenge and the password for the postback
                scriptString += "		document.getElementById('" + challenge.ClientID + "').value = str;\n";
                scriptString += "		document.getElementById('" + password.ClientID + "').value = '';\n";
                scriptString += "	}\n";
                scriptString += "}\n";
                scriptString += "</script>";

                if (!Page.ClientScript.IsClientScriptBlockRegistered(GetType(), "clientScript"))
                {
                    SiteConfig siteConfig = SiteConfig.GetSiteConfig();
                    if (siteConfig.EncryptLoginPassword)
                    {
                        Page.ClientScript.RegisterClientScriptBlock(GetType(), "clientScript", scriptString);
                        doSignIn.Attributes.Add("onclick", "doChallengeResponse();");
                    }
                }
            }

            if (!Page.IsPostBack)
            {
                FormsAuthentication.SignOut();
                challenge.Value = Session.SessionID;
                ViewState["challenge"] = challenge.Value;
            }
        }

        public void SetAuthCookie(string tokenName, string userName)
        {
            FormsAuthentication.SetAuthCookie(userName, rememberCheckbox.Checked);
        }

        protected void doSignIn_Click(object sender, EventArgs e)
        {
            SiteConfig siteConfig = SiteConfig.GetSiteConfig();

            if (siteConfig.EncryptLoginPassword)
            {
                string viewStateChallenge = ViewState["challenge"] as string;
                
                if (viewStateChallenge == null)
                {
                    throw new ArgumentException("Password Challenge was null in ViewState!");
                }

                UserToken token = SiteSecurity.Login(username.Text, challenge.Value, viewStateChallenge);
                
                if (token != null)
                {
                    SetAuthCookie(token.Name, username.Text);
                    Response.Redirect(SiteUtilities.GetAdminPageUrl(), true);
                }
                else
                {
                    challenge.Value = Session.SessionID;
                    ViewState["challenge"] = challenge.Value;
                }
            }
            else
            {
                UserToken token = SiteSecurity.Login(username.Text, password.Text);
                if (token != null)
                {
                    SetAuthCookie(token.Name, username.Text);
                    Response.Redirect(SiteUtilities.GetAdminPageUrl(), true);
                }
            }
        }

        #region Web Form Designer generated code

        protected override void OnInit(EventArgs e)
        {
            InitializeComponent();
            base.OnInit(e);
        }

        private void InitializeComponent()
        {
        }

        #endregion
    }
}